Coder fires Idiocy warning to Twitter users

By

Compromises your account, then warns you.

A coder has developed a hijacking tool to compromise Twitter accounts and then post a warning to the victim.

Coder fires Idiocy warning to Twitter users

The tool, named “Idiocy,” searches for users insecurely visiting Twitter over public Wi-Fi networks and then hijacks their session to post a tweet informing them they are vulnerable to attack.

A link has also been included in the tweet directing users to a website explaining what has happened once a user has been exploited.

Jonty Wareing, a London-based software developer, has been credited as the tool’s creator and he made the exploit code available on GitHub.

He claimed to have been inspired by the creation of the Firesheep tool – a Firefox browser extension, which was designed to exploit weak transaction security on social network applications, such as Facebook and iGoogle.

Firesheep allows the hacker to scan for vulnerable active social networking sessions and gives the user a simple-to-use interface to launch attacks.

“A large amount of the communication between individuals today is through social networking sites, where rapid growth is first priority and security is an after thought, but most don’t implement any sort of encryption at all,” said Daniel Peck, research scientist at Barracuda Networks.

“The only way to make these attacks go away for good is for application level encryption (such as SSL) to be ubiquitous. While it is certainly more common than just a few years ago, most sites are either still missing the feature or they are implementing it incorrectly.”

While the majority of login pages are protected by SSL, often the secure connection is subsequently abandoned by the site, he explained.

“The user is dropped back to an insecure connection that exposes the cookie or session ID that uniquely identifies the user allowing tools like Firesheep to impersonate the account,” Peck added.

Social networks have increasingly become the target of cyber criminals; this week a Mac version of the dangerous Koobface trojan was discovered.

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:
firessecuritysoftwaretwitteruserswarning

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?